1. Field of the Invention
The present invention relates to the field of information systems. More specifically, the present invention relates to electronic purchases while maintaining privacy of customer billing data.
2. Background Information
The Internet is a well-known collection of public and private data communication and multimedia networks that operate using common protocols to form a world wide network of networks. Recently there has been an explosion in the availability of “virtual storefronts,” e.g., commerce sites, reachable over the Internet. This rapid growth is due, in part, to the availability of fast, reliable and affordable computing device systems, and the general simplification of networking hardware and configuration. Thus, consumers and businesses alike now have access to hardware that makes effective online commerce commercially practicable.
To conduct online transactions, a business typically sets up a home page (e.g., “web site”) on the World Wide Web, which is a logical overlay of the Internet. Web sites are simply machines located someplace within the Internet, with traditional naming conventions for the machines, e.g., named WWW, and holding themselves available to interact using standard protocols such as Hypertext Transfer Protocol (HTTP), and programming languages or environments such as Hypertext Transfer Protocol HTML, XML, Java, JavaScript, Java Beans, ActiveX, Visual Basic, or the like.
To make a purchase via a web site, a customer executes a “browser,” such as the Internet Explorer, Netscape Navigator, or other network aware application program that is configured to communicate with a business' web site. The customer locates a particular product, and proceeds to a “check out” web page (or equivalent) to process a purchase transaction. At this point, the customer must enter credit card data and other data sufficient to identify the customer and allow purchase of goods to occur.
Historically, thieves have attempted to monitor such online transactions so as to steal consumer data to allow engaging in subsequent fraudulent transactions. Such monitoring is possible due to the inherently insecure nature of the Internet communication protocol. Internet communication follows the Transmission Control Protocol/Internet Protocol (TCP/IP), where data is broken into small packets that are individually sent to a recipient, received by the recipient and then re-assembled into the original data.
Unfortunately, anyone with access to a network has the ability to “snoop” network traffic on that network. Thus, anyone capable of monitoring some portion of the communication path between the customer and business is then able to monitor the purchase transaction. To overcome this security problem, various protocols, e.g., IP Security (IPSEC), Secure Sockets Layer (SSL), Secure HTTP (S-HTTP) have emerged to allow a business and a customer to securely communicate.
Although the data packets can still be snooped, their contents are now encrypted and unusable. Thus, thieves have recently begun to attack, or “hack,” the online commerce sites so as to steal consumer data stored within databases maintained by the business. Since private consumer data, such as credit card information, once received by a business, is reassembled and decrypted by the business, the data is available for theft.
Thus, what is needed is an environment which provides consumers with the ability to engage in online transactions in a more secure manner.